package rocks.xmpp.core.sasl.scram;

import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;
import javax.xml.bind.DatatypeConverter;

/* loaded from: input_file:rocks/xmpp/core/sasl/scram/ScramServer.class */
final class ScramServer extends ScramBase implements SaslServer {
    private static final int ITERATION_COUNT = 4096;
    private static final Pattern USER_VALIDATION = Pattern.compile("=(?!2C|3D)");
    private char[] password;
    private byte[] salt;
    private String authorizationId;

    public ScramServer(String str, CallbackHandler callbackHandler) {
        super(str, callbackHandler);
    }

    static String validateAndGetUsername(String str) throws SaslException {
        if (str == null) {
            return null;
        }
        if (USER_VALIDATION.matcher(str).find()) {
            throw new SaslException("Username must not contain '=' not followed by '2C' or '3D'.");
        }
        return str.replaceAll("=3D", "=").replaceAll("=2C", ",");
    }

    public final byte[] evaluateResponse(byte[] bArr) throws SaslException {
        String str = new String(bArr);
        Map<Character, String> attributes = getAttributes(str);
        String str2 = attributes.get('r');
        if (str2 == null) {
            throw new SaslException("SCRAM: No nonce found in client message.");
        }
        if (this.clientFirstMessageBare != null) {
            if (!str2.equals(this.nonce)) {
                throw new SaslException("SCRAM: Client provided invalid nonce.");
            }
            String str3 = attributes.get('p');
            if (str3 == null) {
                throw new SaslException("SCRAM: Client provided no client proof.");
            }
            this.channelBinding = attributes.get('c');
            if (this.channelBinding == null) {
                throw new SaslException("SCRAM: Client provided no channel-binding.");
            }
            try {
                byte[] computeSaltedPassword = computeSaltedPassword(this.password, this.salt, ITERATION_COUNT);
                byte[] computeClientKey = computeClientKey(computeSaltedPassword);
                String computeAuthMessage = computeAuthMessage();
                if (!Arrays.equals(h(xor(computeClientSignature(computeClientKey, computeAuthMessage), DatatypeConverter.parseBase64Binary(str3))), computeStoredKey(computeClientKey))) {
                    throw new SaslException("SCRAM authentication failed.");
                }
                this.isComplete = true;
                return ("v=" + DatatypeConverter.printBase64Binary(hmac(hmac(computeSaltedPassword, "Server Key".getBytes()), computeAuthMessage.getBytes()))).getBytes();
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new SaslException("SCRAM", e);
            }
        }
        if (!str.startsWith("n") && !str.startsWith("y") && !str.startsWith("p")) {
            throw new SaslException("SCRAM: Client first message must start with n, y or p.");
        }
        if (attributes.get('n') == null) {
            throw new SaslException("SCRAM: No user found in client first message.");
        }
        String validateAndGetUsername = validateAndGetUsername(SaslPrep.prepare(attributes.get('n')));
        this.authorizationId = validateAndGetUsername(attributes.get('a'));
        Callback nameCallback = new NameCallback("SCRAM username: ", validateAndGetUsername);
        nameCallback.setName(validateAndGetUsername);
        PasswordCallback passwordCallback = new PasswordCallback("SCRAM password: ", false);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordCallback});
            this.password = passwordCallback.getPassword();
            passwordCallback.clearPassword();
            SecureRandom secureRandom = new SecureRandom();
            this.salt = new byte[32];
            secureRandom.nextBytes(this.salt);
            try {
                this.nonce = str2 + generateNonce();
                this.clientFirstMessageBare = createClientFirstMessageBare(validateAndGetUsername, str2);
                this.serverFirstMessage = "r=" + this.nonce + ",s=" + DatatypeConverter.printBase64Binary(this.salt) + ",i=" + ITERATION_COUNT;
                return this.serverFirstMessage.getBytes();
            } catch (NoSuchAlgorithmException e2) {
                throw new SaslException();
            }
        } catch (IOException | UnsupportedCallbackException e3) {
            throw new SaslException("SCRAM: Error retrieving password.");
        }
    }

    public final boolean isComplete() {
        return this.isComplete;
    }

    public final String getAuthorizationID() {
        return this.authorizationId;
    }

    public final byte[] unwrap(byte[] bArr, int i, int i2) throws SaslException {
        return new byte[0];
    }

    public final byte[] wrap(byte[] bArr, int i, int i2) throws SaslException {
        return new byte[0];
    }

    public final Object getNegotiatedProperty(String str) {
        return null;
    }

    public final void dispose() throws SaslException {
    }
}
